Istio: Up and Running by Zack Butcher & Lee Calcote

Author: Zack Butcher & Lee Calcote [Zack Butcher]
Language: eng
Format: epub
Publisher: O'Reilly Media, Inc.
Published: 2019-08-24T16:00:00+00:00


mutual, which establishes a mutual TLS connection to the destination endpoint

Istio mutual, which is mutual TLS using Istio-provisioned certificates

Enabling mTLS across the mesh via Istio’s mesh configuration is a shorthand for setting Istio mutual TLS as the value for all destinations in the mesh.

For example, we can use a DestinationRule to allow connecting to an HTTPS website outside of the mesh:

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: google.com
    spec:
      host: "*.google.com"
      trafficPolicy:
        tls:
          mode: SIMPLE

Or we can describe connecting to another server with mTLS:

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: remote-a-ingress
    spec:
      host: ingress.a.remote.cluster
      trafficPolicy:
        tls:
          mode: MUTUAL
          clientCertificate: /etc/certs/remote-cluster-a.pem
          privateKey: /etc/certs/client_private_key_cluster_a.pem
          caCertificates: /etc/certs/rootcacerts.pem

A DestinationRule like the one above together with a ServiceEntry for “ingress.a.remote.cluster” can be used to route traffic across trust domains (e.g. separate clusters) over the internet, securely, with no VPN or other overlay networks. We cover zero-VPN networking and other topics in the Advanced Use Cases chapter of this book.
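A ServiceEntry that could accompany the remote-a-ingress DestinationRule, shown as an added example that is not taken from the book. The resource name, the port number and name, the protocol, and the resolution mode are assumptions; only the host comes from the text above.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: remote-a-ingress          # assumed name, chosen to match the DestinationRule
spec:
  hosts:
  - ingress.a.remote.cluster      # must match the DestinationRule's host
  location: MESH_EXTERNAL         # the endpoint lives outside this mesh
  resolution: DNS                 # assumption: the host resolves through DNS
  ports:
  - number: 443                   # assumed port of the remote ingress
    name: http                    # assumed port name
    # Assumption: workloads send plaintext HTTP to their sidecar, and the
    # sidecar originates mTLS using the DestinationRule's certificates.
    # Declaring HTTPS or TLS here would make the sidecar pass the bytes through
    # untouched, so the client certificate would not be presented by the proxy.
    protocol: HTTP
```

With this pairing the client certificate, private key and CA bundle are read by the sidecar from the paths named in the DestinationRule, so those files must be mounted into the proxy container rather than the application container.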
